/*
 * Copyright (C) 2014 Administrator
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
package cn.ratking.demo.jaws7.security.view;

import javax.enterprise.context.RequestScoped;
import javax.inject.Named;

import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.AesCipherService;

/**
 *
 * @author Administrator
 */
@Named
@RequestScoped
public class SecurityInfo {

    private String key;

    public String getKey() {
        return key;
    }

    public void setKey(String key) {
        this.key = key;
    }

    /**
     * By the way, the cookie value turns out to be a Base64 encoded
     * representation of an AES encrypted representation of
     * a serialized representation of a collection of principals.
     * Basically, it contains the necessary username information which is
     * decryptable with the right key (which a hacker can in case of a default
     * key easily figure by just looking at Shiro's source code).
     * Not my favorite approach, but the AES encryption is really strong and
     * you can (must) specify a custom AES cipher key or even a complete custom
     * manager which can deal with the cookie value format you need.
     * The custom AES chiper key can if necessary be specified as follows in
     * shiro.ini according to this example in the Shiro INI documentation:
     * The value is obviously fully to your choice. You can generate your own as
     * follows using Shiro's own cryptographic API:
     */
    public void regen() {
        key = "0x" + Hex.encodeToString(new AesCipherService().generateNewKey().getEncoded());
    }
}
